CERT/CC
Stands for CERT Coordination Center, a center of Internet security expertise operated by Carnegie Mellon University.
See: CERT Coordination Center (CERT/CC)

CERT Coordination Center (CERT/CC)
A center of Internet security expertise operated by Carnegie Mellon University.

Overview
The CERT Coordination Center (CERT/CC) is a federally funded research center that started in 1988 as a project of the Defense Advanced Research Projects Agency (DARPA). CERT/CC studies security vulnerabilities in the Internet, publishes advisories and incident notes, recommends best practices for securing networks, and provides training and advice on how to develop computer security incident response teams. CERT/CC takes a technology-neutral approach but also provides specific recommendations for hardening specific operating system platforms. CERT/CC is widely recognized as a leader in information systems security and collaborates with business and industry to help make the Internet a safer place.

For More Information
Visit the CERT/CC Web site at www.cert.org for more information.

The CERIAS affiliate program sponsors a variety of research projects at collaborating research centers and laboratories on subjects such as intrusion detection, denial of service (DoS) attacks, information privacy, network security, virtual computing, and many other topics. CERIAS also offers a graduate certificate for educators who want to develop information assurance programs at their colleges and universities.
See Also: information assurance (IA)

Center for Internet Security (CIS)
A nonprofit organization that helps organizations manage risk associated with information systems security.

certificate
Properly called a digital certificate, encrypted information that guarantees that an encryption key belongs to a user.
See: digital certificate

certificate authority (CA)
Also called certification authority, a trusted entity that issues digital certificates.

Overview
Certificate authorities (CAs) form the foundation of Public Key Infrastructure (PKI) systems and are responsible for issuing digital certificates in response to certificate requests, maintaining a certificate store of issued certificates, and maintaining and publishing a certificate revocation list (CRL) of expired, invalid, or compromised certificates. CAs can be stand-alone entities or part of a hierarchy or web of trust. At the top of a hierarchy sits the root CA, which issues certificates to other CAs to establish their identity (the root CA issues a certificate to itself to establish its own identity). Depending on how a PKI system is implemented, CAs may coexist with or cooperate with registration authorities (RAs) to validate the identity of users requesting certificates.

[Figure: Certificate authority (CA). How a client obtains a digital certificate from a certificate authority. Parties shown: CA, e-commerce site, client. Labelled steps: 1. Certificate request file and proof of identity; 2. Digital certificate with public key; 3. Secure electronic transactions.]

Marketplace
CAs may include government agencies, commercial companies, or in-house authorities set up and managed by IT (information technology) departments of large organizations. Public certificate authorities widely recognized in the marketplace include Thawte, Verisign, and several others. Commercial software for enterprises to set up and manage their own internal certificate authorities is available from Microsoft, Sun, Netscape, RSA, and many other vendors.

See Also: certificate revocation list (CRL), digital certificate, Public Key Infrastructure (PKI), root CA

certificate-based authentication
Authentication of users by digital certificates.

Overview
Certificate-based authentication can be used to provide external users with secure access to resources on your network. The external user is first granted a certificate from a trusted certificate authority (CA). A user account is then created in the company directory and a mapping is established between the certificate and the account. When the external user wants to access resources on the company network, the user presents the certificate to an authentication server that verifies it and grants access based on access control lists (ACLs) for the mapped account. One advantage of this approach is that a single certificate can be mapped to multiple accounts, allowing a department of one company, for example, to access resources in another company as part of a supply-chain relationship or business partnership.

Certificate-based authentication is supported by Active Directory directory service on the Microsoft Windows platform.

certificate request

Overview
In order for an entity such as a user or application to obtain a digital certificate, a request must be submitted to the appropriate CA. This request must be properly formatted and contain the information needed by the authority to grant the request. The entity then submits the request along with its public key to the CA, which then issues the requested certificate.

The standard format for certificate requests in Public Key Infrastructure (PKI) systems is the X.509 certificate request message format outlined in RFC 2511.
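The CA hierarchy, certificate request and certificate-to-account mapping described in the certificate authority, certificate-based authentication and certificate request entries, worked through with the openssl command line as an added example (this is not code from the encyclopedia; the CA names, the user alice, Partner Corp and the account table are assumptions, and openssl 1.1.1 or newer is assumed to be installed):

```shell
# Added example, not from the encyclopedia: a two-tier CA hierarchy built with
# the openssl CLI (assumed 1.1.1+). The root CA certifies itself and a subordinate
# CA, which issues a user certificate from a CSR. All names and the table are made up.
WORK="${WORK:-$(mktemp -d)}"
# Minimal config: empty DN section (subjects come from -subj) plus extension
# profiles marking a CA certificate and an end-entity certificate.
cat > "$WORK/pki.cnf" <<'EOF'
[req]
distinguished_name = dn
[dn]
[ca_ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[leaf_ext]
basicConstraints = CA:FALSE
extendedKeyUsage = clientAuth
EOF
# The root CA establishes its own identity by issuing a certificate to itself.
make_root_ca() {
    openssl req -x509 -config "$WORK/pki.cnf" -extensions ca_ext -newkey rsa:2048 \
        -nodes -sha256 -days 3650 -subj "/CN=Example Root CA" \
        -keyout "$WORK/root.key" -out "$WORK/root.pem" 2>/dev/null
}
# An entity submits a request carrying its subject and public key; the CA
# named in $2 signs it with extension profile $3, producing $1.pem.
request_and_issue() {   # $1 name  $2 issuing CA  $3 ext profile  $4 subject
    openssl req -new -config "$WORK/pki.cnf" -newkey rsa:2048 -nodes -sha256 \
        -subj "$4" -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null &&
    openssl x509 -req -in "$WORK/$1.csr" -CA "$WORK/$2.pem" -CAkey "$WORK/$2.key" \
        -CAcreateserial -days 365 -sha256 -extfile "$WORK/pki.cnf" \
        -extensions "$3" -out "$WORK/$1.pem" 2>/dev/null
}
# A relying party trusts only the root, so the subordinate CA certificate must
# be presented with the leaf ($2); without it, path building fails.
verify_chain() {        # $1 leaf name  $2 intermediate name, or "" for none
    if [ -n "$2" ]; then set -- -untrusted "$WORK/$2.pem" "$WORK/$1.pem"
    else set -- "$WORK/$1.pem"; fi
    openssl verify -CAfile "$WORK/root.pem" "$@" >/dev/null 2>&1
}
# Certificate-based authentication: once the chain verifies, map the subject CN
# to a local account; a constructed two-row table stands in for the directory.
mapped_account() {      # $1 leaf name; prints the mapped account or fails
    verify_chain "$1" sub || return 1
    cn=$(openssl x509 -in "$WORK/$1.pem" -noout -subject -nameopt RFC2253 | sed 's/.*CN=\([^,]*\).*/\1/')
    printf 'alice partner-alice\nbob partner-bob\n' |
        awk -v cn="$cn" '$1 == cn { print $2; found = 1 } END { exit !found }'
}
make_root_ca
request_and_issue sub root ca_ext "/CN=Example Issuing CA"
request_and_issue alice sub leaf_ext "/O=Partner Corp/CN=alice"
```

Keys and certificates land in a scratch directory; the same three commands, with a real registration step in place of the automatic signing, are the skeleton of an in-house CA.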